CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-3442
WinZip - Remote Code Execution via Trojan Horse Update
CVE-2008-3399
XRMS CRM 1.99.2 - Remote Code Execution via Include Directory Parameter
CVE-2008-3401
HIOX Random Ad 1.3 - Remote Code Execution via hm Parameter
CVE-2008-3402
HIOX Browser Statistics 2.0 - Remote Code Execution via hm Parameter
CVE-2008-3368
ATutor < 1.6.1 - Authenticated Remote Code Execution via Import Type Parameter
CVE-2008-3354
RunCMS Newbb Plus Module - Remote Code Execution via bbPath Parameter Manipulation
CVE-2008-3332
Mantis < 1.1.2 - Authenticated Remote Code Execution via adm_config_set.php Value Parameter
CVE-2008-3335
PunBB < 1.2.19 - SMTP Command Injection
CVE-2008-3308
C. Desseno YouTube Blog 0.1 - Remote File Inclusion Code Execution
CVE-2008-3311
Adam Scheinberg Flip 3.0 - Remote Code Execution via config.php incpath Parameter
CVE-2008-3313
CreaCMS 1.0 - Remote Code Execution
CVE-2008-3298
SocialEngine < 2.81 - Authenticated PHP Code Injection via Template Write Privileges
CVE-2008-3294
Vim 5.0-7.1 - Local Arbitrary Code Execution via Makefile-conf Temporary File
CVE-2008-3285
Filesys::SmbClientParser <2.7 - RCE
CVE-2008-3246
BlackBerry Attachment Service <1.0.1 - RCE
CVE-2008-3232
Dotclear < 1.2.7 - Authenticated Remote Code Execution via File Upload
CVE-2008-3207
Pragyan CMS 2.6.2 - Remote Code Execution via form.lib.php Parameter Injection
CVE-2008-3198
Firefox 3.x - Remote Code Execution via Chrome Document Script Injection
CVE-2008-3183
gapicms 9.0.2 - Remote Code Execution via dirDepth Parameter
CVE-2008-3166
BoonEx Ray 3.5 - Remote Code Execution via sIncPath Parameter
CVE-2008-3167
BoonEx Dolphin 6.1.2 - Remote Code Execution via dir[plugins] or sIncPath Parameter
CVE-2008-3093
ImperialBB < 2.3.5 - Authenticated Arbitrary PHP Code Execution via Avatar Upload
CVE-2008-1435
Microsoft Windows Vista <SP1 & Server 2008 - RCE
CVE-2008-2463
Microsoft Office Snapshot Viewer ActiveX snapview.ocx 10.0.5529.0 - RCE via SnapshotPath/CompressedPath
CVE-2008-2950
poppler < 0.8.4 - Remote Code Execution via Page Destructor
Details
Vulnerabilities 6,549
Exploit Likelihood Medium